Attempt at renaming to ['password_encryption'] for more clarity

skala
Yannick Warnier 14 years ago
parent 9b3b70b13c
commit 096b8663dc
  1. 9
      main/admin/user_export.php
  2. 8
      main/auth/lostPassword.php
  3. 4
      main/auth/sso/sso.class.php
  4. 4
      main/inc/lib/main_api.lib.php
  5. 10
      main/inc/lib/usermanager.lib.php
  6. 2
      main/install/configuration.dist.php
  7. 9
      main/install/index.php
  8. 2
      main/user/user_add.php
  9. 40
      main/webservices/registration.soap.php
  10. 1
      tests/main/inc/lib/main_api.lib.test.php
  11. 2
      tests/main/inc/lib/usermanager.lib.test.php
  12. 2
      tests/test_webservices.php

@ -61,7 +61,7 @@ $form->setDefaults(array('file_type'=>'csv'));
if ($form->validate())
{
global $userPasswordCrypted;
global $_configuration;
$export = $form->exportValues();
$file_type = $export['file_type'];
@ -72,7 +72,7 @@ if ($form->validate())
u.firstname AS FirstName,
u.email AS Email,
u.username AS UserName,
".(($userPasswordCrypted!='none')?" ":"u.password AS Password, ")."
".(($_configuration['password_encryption']!='none')?" ":"u.password AS Password, ")."
u.auth_source AS AuthSource,
u.status AS Status,
u.official_code AS OfficialCode,
@ -99,9 +99,8 @@ if ($form->validate())
require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
$data = array();
$extra_fields = Usermanager::get_extra_fields(0, 0, 5, 'ASC',false);
if ($export['addcsvheader']=='1' AND $export['file_type']=='csv')
{
if($userPasswordCrypted!='none') {
if ($export['addcsvheader']=='1' AND $export['file_type']=='csv') {
if($_configuration['password_encryption']!='none') {
$data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber');
} else {
$data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName','Password', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber');
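Review bot: Nothing visible in this commit gives `$_configuration['password_encryption']` a value on an installation whose configuration.php still defines only `$userPasswordCrypted`, so every read of the new key can hit an undefined index there. In this file the outcome fails safe, since an unset value is `!= 'none'` and the password column is left out of the export. The same unset key is read in lostPassword.php, sso.class.php, main_api.lib.php, usermanager.lib.php and registration.soap.php, where the result depends on each test. A one-line compatibility shim where the configuration is loaded (outside these hunks) would cover all of them: `if (!isset($_configuration['password_encryption']) && isset($userPasswordCrypted)) { $_configuration['password_encryption'] = $userPasswordCrypted; }`.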

@ -27,7 +27,9 @@ require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
// Custom pages
// Had to move the form handling in here, because otherwise there would already be some display output.
// Had to move the form handling in here, because otherwise there would
// already be some display output.
global $_configuration;
if (api_get_setting('use_custom_pages') == 'true') {
if (isset ($_POST['user']) && isset ($_POST['email'])) {
$user = $_POST['user'];
@ -58,7 +60,7 @@ if (api_get_setting('use_custom_pages') == 'true') {
$by_username = true; // single user (valid user + email)
$user = Database::fetch_array($result);
}
if ($userPasswordCrypted != 'none') {
if ($_configuration['password_encryption'] != 'none') {
Login::handle_encrypted_password($user, $by_username);
} else {
Login::send_password_to_user($user, $by_username);
@ -131,7 +133,7 @@ if (isset ($_GET['reset']) && isset ($_GET['id'])) {
$by_username = true;
$users = Database::store_result($result);
foreach( $users as $user ) {
if ($userPasswordCrypted != 'none') {
if ($_configuration['password_encryption'] != 'none') {
Login::handle_encrypted_password($user, $by_username);
} else {
Login::send_password_to_user($user, $by_username);
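Review bot: Both rewritten conditions use the loose `!= 'none'`, and the `else` branch is the one that mails the stored password to the user. On PHP versions before 8 an integer `0` compares equal to the string `'none'`, so if the setting ever holds `0` the cleartext branch would be selected. A strict test keeps that branch reachable only for the exact string: `if ($_configuration['password_encryption'] !== 'none') {`. The same loose comparison appears twice in main/admin/user_export.php.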

@ -52,7 +52,7 @@ class sso {
* @return bool Return the loginFailed variable value to local.inc.php
*/
public function check_user() {
global $_user, $userPasswordCrypted, $_configuration;
global $_user, $_configuration;
$loginFailed = false;
//change the way we recover the cookie depending on how it is formed
$sso = $this->decode_cookie($_GET['sso_cookie']);
@ -68,7 +68,7 @@ class sso {
//Check the user's password
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
// Make sure password is encrypted with md5
if (!$userPasswordCrypted) {
if (!$_configuration['password_encryption']) {
$uData['password'] = md5($uData['password']);
}
//the authentification of this user is managed by Chamilo itself
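Review bot: `if (!$_configuration['password_encryption'])` is a truthiness test on what is now a method name (`'md5'`, `'sha1'` and `'none'` appear elsewhere in this commit), and `!'none'` is false. If the intent of the comment above it is to hash a password stored in cleartext before the comparison, the branch is skipped exactly when the setting is `'none'` and only runs when the key is empty or unset. Assuming that is the intent, the condition would read `if ($_configuration['password_encryption'] === 'none') {`. The comparison that consumes `$uData['password']` is outside the hunk, so confirm against the rest of check_user().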

@ -4669,8 +4669,8 @@ function api_is_in_group($group_id = null, $course_code = null) {
*/
function api_get_encrypted_password($password, $salt = '') {
global $userPasswordCrypted;
switch ($userPasswordCrypted){
global $_configuration;
switch ($_configuration['password_encryption']){
case 'md5':
return empty($salt) ? md5($password) : md5($password.$salt);
case 'sha1':
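Review bot: `api_get_encrypted_password()` defaults `$salt` to `''`, and the callers visible in this commit pass no salt, so the `md5` and `sha1` cases produce unsalted single-round digests, which the new key name `password_encryption` still labels as encryption. The docblock, which ends above this hunk, should state that the setting selects a hash method and list the accepted strings, for example `Reads $_configuration['password_encryption']: 'md5', 'sha1' or 'none' (cleartext storage)`. The remaining cases of the switch are outside the hunk; confirm that an unset or unknown value cannot fall through to returning the password unchanged.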

@ -75,7 +75,7 @@ class UserManager {
* it stores the error message in global $api_failureList
*/
public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '') {
global $_user, $userPasswordCrypted;
global $_user, $_configuration;
$firstName = Security::remove_XSS($firstName);
$lastName = Security::remove_XSS($lastName);
@ -104,7 +104,7 @@ class UserManager {
if ($encrypt_method == '') {
$password = api_get_encrypted_password($password);
} else {
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
@ -114,7 +114,6 @@ class UserManager {
return api_set_failure('encrypt_method invalid');
}
}
//$password = ($userPasswordCrypted ? md5($password) : $password);
//@todo replace this date with the api_get_utc_date function big problem with users that are already registered
$current_date = date('Y-m-d H:i:s', time());
$sql = "INSERT INTO $table_user
@ -341,7 +340,7 @@ class UserManager {
* @return boolean true if the user information was updated
*/
public static function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id = null, $hr_dept_id = 0, $extra = null, $language = 'english', $encrypt_method = '') {
global $userPasswordCrypted;
global $_configuration;
if ($user_id != strval(intval($user_id))) return false;
if ($user_id === false) return false;
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -359,11 +358,10 @@ class UserManager {
username='".Database::escape_string($username)."',
language='".Database::escape_string($language)."',";
if (!is_null($password)) {
//$password = $userPasswordCrypted ? md5($password) : $password;
if($encrypt_method == '') {
$password = api_get_encrypted_password($password);
} else {
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
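Review bot: The pre-hashed password check (`$_configuration['password_encryption'] === $encrypt_method` followed by the 32- and 40-character hex regexes) is written out identically in create_user() and update_user(), and again four times in main/webservices/registration.soap.php. Each copy had to be edited by hand for this rename. Moving the check into one private static helper that takes `$encrypt_method` and `$password` would keep the six call sites consistent when the list of methods changes. Both method bodies continue outside the hunks shown, so the helper's handling of methods other than md5 and sha1 has to follow the lines not visible here.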

@ -119,7 +119,7 @@ $_configuration['verbose_backup'] = false;
// security word for password recovery
$_configuration['security_key'] = '{SECURITY_KEY}';
// Hash function method
$userPasswordCrypted = '{ENCRYPT_PASSWORD}';
$_configuration['password_encryption'] = '{ENCRYPT_PASSWORD}';
// You may have to restart your web server if you change this
$storeSessionInDb = false;
// Session lifetime
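Review bot: The comment `// Hash function method` above the renamed setting does not say which values are accepted or what each one means for stored passwords. Since the key is now called `password_encryption`, an administrator editing this file may not realise that one value disables hashing. Suggested comment: `// Password hash method: 'md5', 'sha1' or 'none' ('none' stores passwords in cleartext)`.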

@ -584,6 +584,9 @@ if ($_POST['step2']) {
if (in_array($my_old_version, $update_from_version_6)) { //for version 1.6
$urlForm = get_config_param('rootWeb');
$encryptPassForm = get_config_param('userPasswordCrypted');
if (empty($encryptPassForm)) {
$encryptPassForm = get_config_param('password_encryption');
}
// Managing the $encryptPassForm
if ($encryptPassForm == '1') {
$encryptPassForm = 'sha1';
@ -726,9 +729,9 @@ if ($_POST['step2']) {
if (empty($my_old_version)) { $my_old_version = '1.8.6.2'; } //we guess
$_configuration['main_database'] = $dbNameForm;
//$urlAppendPath = get_config_param('urlAppend');
error_log('Starting migration process from '.$my_old_version.' ('.time().')', 0);
error_log('Starting migration process from '.$my_old_version.' ('.time().')', 0);
if ($userPasswordCrypted == '1') {
if ($userPasswordCrypted == '1') {
$userPasswordCrypted = 'md5';
} elseif ($userPasswordCrypted == '0') {
$userPasswordCrypted = 'none';
@ -848,4 +851,4 @@ if ($_POST['step2']) {
<div class="footer_emails"><div style="clear:both"></div></div>
</div>
</body>
</html>
</html>
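Review bot: The added fallback tests `empty($encryptPassForm)`, which is also true for a legacy value of `'0'`, a value this file maps to `'none'` further down for `$userPasswordCrypted`. A configuration that stored `'0'` would therefore be replaced by whatever `get_config_param('password_encryption')` returns for a key an old file does not contain. Testing only for absence avoids that, for example `if ($encryptPassForm === null || $encryptPassForm === '') {`, adjusted to what get_config_param() returns for a missing parameter (not visible here). The later migration block still normalises only `$userPasswordCrypted`; whether the result is written to the new key is outside the hunk.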

@ -115,8 +115,6 @@ if($register) {
if ($_cid) $platformStatus = STUDENT; // course registrartion context...
else $platformStatus = $platformStatus; // admin section of the platform context...
//if ($userPasswordCrypted) $pw = md5($password_form);
//else $pw = $password_form;
$pw = api_get_encrypted_password($password_form);
$result = Database::query("INSERT INTO $tbl_user
SET lastname = '$lastname_form',

@ -143,7 +143,7 @@ $server->register('WSCreateUsers', // method name
// Define the method WSCreateUsers
function WSCreateUsers($params) {
global $_user, $userPasswordCrypted, $_configuration;
global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -197,7 +197,7 @@ function WSCreateUsers($params) {
firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',";
if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password;
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
}
if (!is_null($auth_source)) {
@ -243,7 +243,7 @@ function WSCreateUsers($params) {
}
}
$password = ($userPasswordCrypted ? api_get_encrypted_password($password) : $password);
$password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user
SET lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."',
@ -353,7 +353,7 @@ $server->register('WSCreateUser', // method name
// Define the method WSCreateUser
function WSCreateUser($params) {
global $_user, $userPasswordCrypted, $_configuration;
global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -400,7 +400,7 @@ function WSCreateUser($params) {
firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',";
if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password;
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
}
if (!is_null($auth_source)) {
@ -443,7 +443,7 @@ function WSCreateUser($params) {
}
}
$password = ($userPasswordCrypted ? api_get_encrypted_password($password) : $password);
$password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user
SET lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."',
@ -592,7 +592,7 @@ $server->register('WSCreateUsersPasswordCrypted', // method name
// Define the method WSCreateUsersPasswordCrypted
function WSCreateUsersPasswordCrypted($params) {
global $_user, $userPasswordCrypted, $_configuration;
global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -633,7 +633,7 @@ function WSCreateUsersPasswordCrypted($params) {
$extra_list = $user_param['extra'];
$salt = '';
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid";
$results[] = $msg;
@ -837,7 +837,7 @@ $server->register('WSCreateUserPasswordCrypted', // method name
// Define the method WSCreateUserPasswordCrypted
function WSCreateUserPasswordCrypted($params) {
global $_user, $userPasswordCrypted, $_configuration, $debug;
global $_user, $_configuration, $debug;
if (!WSHelperVerifyKey($params)) {
return -1;
@ -871,7 +871,7 @@ function WSCreateUserPasswordCrypted($params) {
$extra_list = $params['extra'];
$salt = '';
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid";
return $msg;
@ -1086,7 +1086,7 @@ $server->register('WSEditUserCredentials', // method name
// Define the method WSEditUser
function WSEditUserCredentials($params) {
global $userPasswordCrypted;
global $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -1129,7 +1129,7 @@ function WSEditUserCredentials($params) {
$sql = "UPDATE $table_user SET
username='".Database::escape_string($username)."'";
if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password;
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= ", password='".Database::escape_string($password)."' ";
}
$sql .= " WHERE user_id='$user_id'";
@ -1175,7 +1175,7 @@ $server->register('WSEditUsers', // method name
// Define the method WSEditUsers
function WSEditUsers($params) {
global $userPasswordCrypted;
global $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -1245,7 +1245,7 @@ function WSEditUsers($params) {
firstname='".Database::escape_string($firstname)."',
username='".Database::escape_string($username)."',";
if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password;
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
}
if (!is_null($auth_source)) {
@ -1326,7 +1326,7 @@ $server->register('WSEditUser', // method name
// Define the method WSEditUser
function WSEditUser($params) {
global $userPasswordCrypted;
global $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -1386,7 +1386,7 @@ function WSEditUser($params) {
firstname='".Database::escape_string($firstname)."',
username='".Database::escape_string($username)."',";
if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password;
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
}
if (!is_null($auth_source)) {
@ -1504,7 +1504,7 @@ $server->register('WSEditUsersPasswordCrypted', // method name
// Define the method WSEditUsersPasswordCrypted
function WSEditUsersPasswordCrypted($params) {
global $userPasswordCrypted, $userPasswordCrypted;
global $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -1546,7 +1546,7 @@ function WSEditUsersPasswordCrypted($params) {
$password = $user_param['password'];
$encrypt_method = $user_param['encrypt_method'];
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid";
$results[] = $msg;
@ -1682,7 +1682,7 @@ $server->register('WSEditUserPasswordCrypted', // method name
// Define the method WSEditUserPasswordCrypted
function WSEditUserPasswordCrypted($params) {
global $userPasswordCrypted, $userPasswordCrypted;
global $_configuration;
if(!WSHelperVerifyKey($params)) {
return -1;
@ -1715,7 +1715,7 @@ function WSEditUserPasswordCrypted($params) {
$password = $params['password'];
$encrypt_method = $params['encrypt_method'];
if ($userPasswordCrypted === $encrypt_method ) {
if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid";
return $msg;
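Review bot: The ternary `$_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password` in WSCreateUsers, WSCreateUser, WSEditUserCredentials, WSEditUsers and WSEditUser is a truthiness test on a method name. Every configured string, including `'none'`, takes the first arm, and the second arm is reached only when the key is empty or unset, in which case the cleartext password goes straight into the SQL statement. api_get_encrypted_password() already switches on the same setting, and main/user/user_add.php calls it unconditionally, so each of these lines can become `$password = api_get_encrypted_password($password);`. The function bodies continue outside the hunks shown.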

@ -787,7 +787,6 @@ class TestMainApi extends UnitTestCase {
}
function testApiGetEncryptedPassword(){
global $userPasswordCrypted;
$pass= array ('password'=> '2222');
$res=api_get_encrypted_password($pass['password'],null);
$this->assertTrue($res);

@ -18,7 +18,7 @@ class TestUserManager extends UnitTestCase {
$language='english';
$phone = '';
$picture_uri ='';
global $_user, $userPasswordCrypted;
global $_user;
ob_start();
$res= ob_get_contents();
UserManager::create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code, $language, $phone, $picture_uri);

@ -23,7 +23,7 @@ class TestSoapWebService extends UnitTestCase {
$security_key = $configuration['security_key'];
$ip_address = '::1';
$this->_secret_key = sha1($ip_address.$security_key);
$this->_encrypt_method = $GLOBALS['userPasswordCrypted'];
$this->_encrypt_method = $configuration['password_encryption'];
$this->_client = new SoapClient($configuration['root_web'].'main/webservices/soap.php?wsdl');
}
